/**
* generate voting-form
*/
protected function generateVotingForm()
{
if (!$this->loggedInUser || $this->loggedInUser->id == $this->ratedUser->id) {
return;
}
$strFields = '';
$scoreError = false;
$this->Template->formId = 'tl_comments_' . $this->id;
$this->Template->action = \Environment::get('indexFreeRequest');
$this->Template->enctype = 'application/x-www-form-urlencoded';
$arrFields = array();
$objComment = new \CommentsModel();
// Build the form
$arrFF = array('comment', 'score', 'captcha');
foreach ($arrFF as $field) {
$arrData =& $GLOBALS['TL_DCA']['tl_comments']['fields'][$field];
$strClass = $GLOBALS['TL_FFL'][$arrData['inputType']];
$arrData['eval']['tableless'] = 'true';
$arrData['label'] = $GLOBALS['TL_LANG']['tl_comments'][$field][0];
$varValue = '';
$objWidget = new $strClass($strClass::getAttributesFromDca($arrData, $field, $varValue, '', '', $this));
$objWidget->storeValues = true;
// Validate the form data
if (\Input::post('FORM_SUBMIT') == 'tl_comments_' . $this->id) {
$objWidget->validate();
$varValue = $objWidget->value;
// check vor valid score interval
if ($field == 'score') {
if (!mberegi('^(1|2|3|4|5)\\d{0}$', $varValue)) {
$doNotSubmit = true;
$scoreError = true;
}
}
// Do not submit the field if there are errors
if ($objWidget->hasErrors()) {
$doNotSubmit = true;
} elseif ($objWidget->submitInput()) {
$blnModified = true;
// Store the form data
$_SESSION['FORM_DATA'][$field] = $varValue;
// Set the correct empty value (see #6284, #6373)
if ($varValue === '') {
$varValue = $objWidget->getEmptyValue();
}
// Set the new value
if ($field !== 'captcha') {
$objComment->{$field} = $varValue;
}
}
}
$temp = $objWidget->parse();
// add a hidden field for the starrating
if ($field == 'score') {
$temp = '<input type="hidden" name="score" id="ctrl_score" value="">';
}
$strFields .= $temp;
$arrFields[$field] = $temp;
}
// Save the model
if ($doNotSubmit !== true && $blnModified && \Input::post('FORM_SUBMIT') == 'tl_comments_' . $this->id) {
$objComment->owner = $this->loggedInUser->id;
$objComment->dateOfCreation = time();
$objComment->source = 'tl_member';
$objComment->ip = \Environment::get('ip');
$objComment->activation_token = md5(session_id() . time() . $this->loggedInUser->id);
$objComment->parent = $this->ratedUser->id;
$objComment->published = 0;
$objComment->save();
$this->log('A new entry "tl_comments.id=' . $objComment->id . '" has been created', __METHOD__, TL_GENERAL);
// notify rated member
if ($this->notifyRatedUser && $objComment->id > 0 && $objComment->comment != '') {
$this->notifyUser($objComment);
}
$this->jumpToOrReload($this->jumpTo);
}
if ($scoreError) {
$strFields = '<p class="error">Bitte eine gültige Punktzahl vergeben.</p>' . $strFields;
}
$this->Template->slabel = specialchars($GLOBALS['TL_LANG']['MSC']['saveData']);
$this->Template->fields = $strFields;
$this->Template->arrFields = $arrFields;
// shit storm protection
if ($this->blockingTime > 0) {
$objRatings = $this->Database->prepare("SELECT * FROM tl_comments WHERE source = ? AND parent = ? AND owner = ? AND dateOfCreation > ? ORDER BY dateOfCreation DESC")->limit(1)->execute('tl_member', $this->ratedUser->id, $this->loggedInUser->id, time() - $this->blockingTime);
if ($objRatings->numRows > 0) {
$this->Template->commentFormLocked = true;
$time = $this->blockingTime - (time() - $objRatings->dateOfCreation);
$h = floor($time / 3600);
$min = floor(($time / 3600 - $h) * 60);
if ($time <= 60) {
$this->Template->commentFormLockedTime = $time . ' s';
} else {
$this->Template->commentFormLockedTime = ($h > 0 ? $h . ' h ' : '') . $min . ' min';
}
}
}
}
/**
* Notify the subscribers of new comments
*
* @param \CommentsModel $objComment
*/
public static function notifyCommentsSubscribers(\CommentsModel $objComment)
{
// Notified already
if ($objComment->notified) {
return;
}
$objNotify = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent);
// No subscriptions
if ($objNotify === null) {
return;
}
while ($objNotify->next()) {
// Don't notify the commentor about his own comment
if ($objNotify->email == $objComment->email) {
continue;
}
// Prepare the URL
$strUrl = \Idna::decode(\Environment::get('base')) . $objNotify->url;
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifyMessage'], $objNotify->name, $strUrl, $strUrl . '?token=' . $objNotify->tokenRemove);
$objEmail->sendTo($objNotify->email);
}
$objComment->notified = 1;
$objComment->save();
}
/**
* Add comments to a template
* @param \FrontendTemplate
* @param \stdClass
* @param string
* @param integer
* @param array
*/
public function addCommentsToTemplate(\FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $arrNotifies)
{
global $objPage;
$limit = 0;
$offset = 0;
$total = 0;
$gtotal = 0;
$arrComments = array();
$objTemplate->comments = array();
// see #4064
// Pagination
if ($objConfig->perPage > 0) {
// Get the total number of comments
$intTotal = \CommentsModel::countPublishedBySourceAndParent($strSource, $intParent);
$total = $gtotal = $intTotal;
// Get the current page
$id = 'page_c' . $this->id;
$page = \Input::get($id) ?: 1;
// Do not index or cache the page if the page number is outside the range
if ($page < 1 || $page > max(ceil($total / $objConfig->perPage), 1)) {
global $objPage;
$objPage->noSearch = 1;
$objPage->cache = 0;
// Send a 404 header
header('HTTP/1.1 404 Not Found');
$objTemplate->allowComments = false;
return;
}
// Set limit and offset
$limit = $objConfig->perPage;
$offset = ($page - 1) * $objConfig->perPage;
// Initialize the pagination menu
$objPagination = new \Pagination($total, $objConfig->perPage, 7, $id);
$objTemplate->pagination = $objPagination->generate("\n ");
}
$objTemplate->allowComments = true;
// Get all published comments
if ($limit) {
$objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent, $limit, $offset);
} else {
$objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent);
}
if ($objComments !== null && ($total = $objComments->count()) > 0) {
$count = 0;
if ($objConfig->template == '') {
$objConfig->template = 'com_default';
}
$objPartial = new \FrontendTemplate($objConfig->template);
while ($objComments->next()) {
$objPartial->setData($objComments->row());
// Clean the RTE output
if ($objPage->outputFormat == 'xhtml') {
$objComments->comment = \String::toXhtml($objComments->comment);
} else {
$objComments->comment = \String::toHtml5($objComments->comment);
}
$objPartial->comment = trim(str_replace(array('{{', '}}'), array('{{', '}}'), $objComments->comment));
$objPartial->datim = $this->parseDate($objPage->datimFormat, $objComments->date);
$objPartial->date = $this->parseDate($objPage->dateFormat, $objComments->date);
$objPartial->class = ($count < 1 ? ' first' : '') . ($count >= $total - 1 ? ' last' : '') . ($count % 2 == 0 ? ' even' : ' odd');
$objPartial->by = $GLOBALS['TL_LANG']['MSC']['comment_by'];
$objPartial->id = 'c' . $objComments->id;
$objPartial->timestamp = $objComments->date;
$objPartial->datetime = date('Y-m-d\\TH:i:sP', $objComments->date);
$objPartial->addReply = false;
// Reply
if ($objComments->addReply && $objComments->reply != '') {
if (($objAuthor = $objComments->getRelated('author')) !== null) {
$objPartial->addReply = true;
$objPartial->rby = $GLOBALS['TL_LANG']['MSC']['reply_by'];
$objPartial->reply = $this->replaceInsertTags($objComments->reply);
$objPartial->author = $objAuthor;
// Clean the RTE output
if ($objPage->outputFormat == 'xhtml') {
$objPartial->reply = \String::toXhtml($objPartial->reply);
} else {
$objPartial->reply = \String::toHtml5($objPartial->reply);
}
}
}
$arrComments[] = $objPartial->parse();
++$count;
}
}
$objTemplate->comments = $arrComments;
$objTemplate->addComment = $GLOBALS['TL_LANG']['MSC']['addComment'];
$objTemplate->name = $GLOBALS['TL_LANG']['MSC']['com_name'];
$objTemplate->email = $GLOBALS['TL_LANG']['MSC']['com_email'];
$objTemplate->website = $GLOBALS['TL_LANG']['MSC']['com_website'];
$objTemplate->commentsTotal = $limit ? $gtotal : $total;
// Get the front end user object
$this->import('FrontendUser', 'User');
// Access control
if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) {
$objTemplate->requireLogin = true;
return;
}
// Form fields
$arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['com_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64)), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['com_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)), 'website' => array('name' => 'website', 'label' => $GLOBALS['TL_LANG']['MSC']['com_website'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true)));
// Captcha
if (!$objConfig->disableCaptcha) {
$arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true));
}
// Comment field
$arrFields['comment'] = array('name' => 'comment', 'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true));
$doNotSubmit = false;
$arrWidgets = array();
$strFormId = 'com_' . $strSource . '_' . $intParent;
// Initialize widgets
foreach ($arrFields as $arrField) {
$strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];
// Continue if the class is not defined
if (!$this->classFileExists($strClass)) {
continue;
}
$arrField['eval']['required'] = $arrField['eval']['mandatory'];
$objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $arrField['value']));
// Validate the widget
if (\Input::post('FORM_SUBMIT') == $strFormId) {
$objWidget->validate();
if ($objWidget->hasErrors()) {
$doNotSubmit = true;
}
}
$arrWidgets[$arrField['name']] = $objWidget;
}
$objTemplate->fields = $arrWidgets;
$objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
$objTemplate->action = ampersand(\Environment::get('request'));
$objTemplate->messages = '';
// Backwards compatibility
$objTemplate->formId = $strFormId;
$objTemplate->hasError = $doNotSubmit;
// Do not index or cache the page with the confirmation message
if ($_SESSION['TL_COMMENT_ADDED']) {
global $objPage;
$objPage->noSearch = 1;
$objPage->cache = 0;
$objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
$_SESSION['TL_COMMENT_ADDED'] = false;
}
// Add the comment
if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) {
$strWebsite = $arrWidgets['website']->value;
// Add http:// to the website
if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
$strWebsite = 'http://' . $strWebsite;
}
// Do not parse any tags in the comment
$strComment = htmlspecialchars(trim($arrWidgets['comment']->value));
$strComment = str_replace(array('&', '<', '>'), array('[&]', '[lt]', '[gt]'), $strComment);
// Remove multiple line feeds
$strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment);
// Parse BBCode
if ($objConfig->bbcode) {
$strComment = $this->parseBbCode($strComment);
}
// Prevent cross-site request forgeries
$strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment);
$time = time();
// Prepare the record
$arrSet = array('source' => $strSource, 'parent' => $intParent, 'tstamp' => $time, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'website' => $strWebsite, 'comment' => $this->convertLineFeeds($strComment), 'ip' => $this->anonymizeIp(\Environment::get('ip')), 'date' => $time, 'published' => $objConfig->moderate ? '' : 1);
$objComment = new \CommentsModel();
$objComment->setRow($arrSet);
$objComment->save();
$insertId = $objComment->id;
// HOOK: add custom logic
if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) {
foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) {
$this->import($callback[0]);
$this->{$callback}[0]->{$callback}[1]($insertId, $arrSet, $this);
}
}
// Notification
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Environment::get('host'));
// Convert the comment to plain text
$strComment = strip_tags($strComment);
$strComment = \String::decodeEntities($strComment);
$strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment);
// Add comment details
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strComment, \Environment::get('base') . \Environment::get('request'), \Environment::get('base') . 'contao/main.php?do=comments&act=edit&id=' . $insertId);
// Do not send notifications twice
if (is_array($arrNotifies)) {
$arrNotifies = array_unique($arrNotifies);
}
$objEmail->sendTo($arrNotifies);
// Pending for approval
if ($objConfig->moderate) {
$_SESSION['TL_COMMENT_ADDED'] = true;
}
$this->reload();
}
}